<?php


namespace Qiniu;
use Qiniu;
use Qiniu\Zone;
final class Auth
{
private $accessKey;
private $secretKey;
public function __construct($accessKey,$secretKey)
{
$this->accessKey = $accessKey;
$this->secretKey = $secretKey;
}
public function getAccessKey()
{
return $this->accessKey;
}
public function sign($data)
{
$hmac = hash_hmac('sha1',$data,$this->secretKey,true);
return $this->accessKey .':'.\Qiniu\base64_urlSafeEncode($hmac);
}
public function signWithData($data)
{
$data = \Qiniu\base64_urlSafeEncode($data);
return $this->sign($data) .':'.$data;
}
public function signRequest($urlString,$body,$contentType = null)
{
$url = parse_url($urlString);
$data = '';
if (array_key_exists('path',$url)) {
$data = $url['path'];
}
if (array_key_exists('query',$url)) {
$data .= '?'.$url['query'];
}
$data .= "\n";
if ($body !== null &&$contentType === 'application/x-www-form-urlencoded') {
$data .= $body;
}
return $this->sign($data);
}
public function verifyCallback($contentType,$originAuthorization,$url,$body)
{
$authorization = 'QBox '.$this->signRequest($url,$body,$contentType);
return $originAuthorization === $authorization;
}
public function privateDownloadUrl($baseUrl,$expires = 3600)
{
$deadline = time() +$expires;
$pos = strpos($baseUrl,'?');
if ($pos !== false) {
$baseUrl .= '&e=';
}else {
$baseUrl .= '?e=';
}
$baseUrl .= $deadline;
$token = $this->sign($baseUrl);
return "$baseUrl&token=$token";
}
public function uploadToken(
$bucket,
$key = null,
$expires = 3600,
$policy = null,
$strictPolicy = true,
Zone $zone = null
) {
$deadline = time() +$expires;
$scope = $bucket;
if ($key !== null) {
$scope .= ':'.$key;
}
$args = array();
$args = self::copyPolicy($args,$policy,$strictPolicy);
$args['scope'] = $scope;
$args['deadline'] = $deadline;
if ($zone === null) {
$zone = new Zone();
}
list($upHosts,$err) = $zone->getUpHosts($this->accessKey,$bucket);
if ($err === null) {
$args['upHosts'] = $upHosts;
}
$b = json_encode($args);
return $this->signWithData($b);
}
private static $policyFields = array(
'callbackUrl',
'callbackBody',
'callbackHost',
'callbackBodyType',
'callbackFetchKey',
'returnUrl',
'returnBody',
'endUser',
'saveKey',
'insertOnly',
'detectMime',
'mimeLimit',
'fsizeMin',
'fsizeLimit',
'persistentOps',
'persistentNotifyUrl',
'persistentPipeline',
'deleteAfterDays',
'upHosts',
);
private static $deprecatedPolicyFields = array(
'asyncOps',
);
private static function copyPolicy(&$policy,$originPolicy,$strictPolicy)
{
if ($originPolicy === null) {
return array();
}
foreach ($originPolicy as $key =>$value) {
if (in_array((string) $key,self::$deprecatedPolicyFields,true)) {
throw new \InvalidArgumentException("{$key} has deprecated");
}
if (!$strictPolicy ||in_array((string) $key,self::$policyFields,true)) {
$policy[$key] = $value;
}
}
return $policy;
}
public function authorization($url,$body = null,$contentType = null)
{
$authorization = 'QBox '.$this->signRequest($url,$body,$contentType);
return array('Authorization'=>$authorization);
}
}

?>